Security Without Fear - Decipher
By By Dennis Fisher April 5, 2026 | 1 min read
Published: 2026-03-31 · Archived: 2026-04-05 17:50:30 UTC
Fortinet CVE-2026-35616 Actively Exploited
The company published an advisory on Saturday and urged all customers who are running affected
versions of the software to install the hotfix as quickly as possible. The bug affects versions 7.4.5 and 7.4.6
of FortiClient EMS. 
Go to previous slide
Go to slide 1
Go to slide 2
Go to slide 3
Go to next slide
Fortinet CVE-2026-35616 Actively Exploited
April 5, 2026 | 1 min read
https://duo.com/decipher/apt-groups-moving-down-the-supply-chain
Page 1 of 3

Supply Chain Attack Hits Axios NPM Packages
April 1, 2026 | 4 min read
Command Injection Bug in OpenAI Codex Exposed GitHub OAuth Tokens
March 30, 2026 | 3 min read
Go to slide 1
Go to slide 2
Go to slide 3
Topics
The Latest
Axios is a dependency in nearly 80% of all cloud and code environments and sees approximately 100 million
downloads per week.
Read More Supply Chain Attack Hits Axios NPM Packages
The bug is a command injection issue and lies in the way that Codex processed GitHub branch names during the
execution of tasks.
Read More Command Injection Bug in OpenAI Codex Exposed GitHub OAuth Tokens
TeamPCP’s latest victim is the Telnyx Python SDK on PyPl, coming after a wave of supply chain hits on Aqua
Trivy, Checkmarx KICS/OpenVSX, and LiteLLM.
Read More TeamPCP’s Supply Chain Attack Spree Continues
Technology moves quickly, and as we’re discovering yet again, threat actors move just as quickly, and are
adopting AI tools and platforms at an astonishing rate.
Read More For AI and Security, ‘The Storm is Coming’
Aleksei Volkov, 26, has been sentenced to almost seven years in prison for his role in facilitated Yanluowang
ransomware group attacks.
Read More DoJ Sentences Russian Initial Access Broker to 6 Years in Prison
Wendy Nather joins Dennis Fisher to dig into the nutrient-rich narrative soil that produced a modern classic that
truly epitomizes the hacker ethos. We are the greatest podcasters on Mars!
https://duo.com/decipher/apt-groups-moving-down-the-supply-chain
Page 2 of 3

Read More Mark Watney: Space Hacker
Source: https://duo.com/decipher/apt-groups-moving-down-the-supply-chain
https://duo.com/decipher/apt-groups-moving-down-the-supply-chain
Page 3 of 3